U.S. Secretary Of Homeland Security Warns About The Dangers Of Pervasive Encryption

U.S. Secretary Of Homeland Security Warns About The Dangers Of Pervasive Encryption

In a speech at cybersecurity conference RSA, U.S. Secretary of Homeland Security Jeh Johnson outlined the government’s discomfort with increasing implementation of encryption by technology companies, and what impact the shift might have on national security.

While tech firms like Apple are advancing encryption to an increasingly broad set of consumer activities, the government is concerned that it could increasingly be locked out from the communications, and the intentions, of threats to national security.

The issue of encryption, who should hold the controlling keys, and if American technology companies should be compelled to provide special access to consumer data to the United States government are issues as old as they are controversial. The common argument against any weakening of encryption is that there are no unexploitable weaknesses — if Google were to craft a back or front door for the U.S. government, it’s impossible to keep that same entryway free from other parties.

After asking for “indulgence” and “understanding,” the secretary said during his remarks that the “current course [the technology industry is on, toward deeper and deeper encryption in response to the demands of the marketplace, is one that presents real challenges for those in law enforcement and national security.”

In the secretary’s view, the nation’s “inability to access encrypted information poses public safety challenges.” Ignoring the mild irony behind that comment — why else would you choose to encrypt data? — the government employee continued: “In fact, encryption is making it harder for your government to find criminal activity and potential terrorist activity.”

Johnson concluded with a colorful description of privacy and freedom, calling them “the things that constitute our greatest homeland security.”

His remarks were very similar to President Barack Obama’s in an interview earlier this year with Re/code’s Kara Swisher. The president said that while he was more in favor of encryption than most in law enforcement, he also recognized the problems it posed for those agencies. Both Obama and Johnson spoke about the importance of privacy when facing tech-oriented audiences, but failed to take a strong stance in its defense.

The Homeland Security secretary weighs in on this issue as White House aides are investigating encryption and preparing to report back to the president this month. In a recent speech at Princeton University,NSA chief Michael Rogers argued law enforcement should have front door access with multiple locks. He argued government abuse of this access could be avoided by splitting multiple keys among separate agencies.

But Jeff Williams, the CTO of Contrast Security, tells TechCrunch that such an approach is impossible. He argued that it would be impossible for the government to create technology that would allow it front door access to all communications devices and splitting such a tool among agencies would be inefficient and ineffective. He also said a split key could still be thwarted by super-encryption.

“Frankly the cat is out of the bag on secure encryption,” Williams said.

Even with the upcoming report to the president, it is unlikely Obama will take any measurable stand for Americans’ privacy rights. The private sector and law enforcement have volleyed back and forth on this issue for decades, now reigniting the exact same debate we saw in the early 1990s over the Clipper Chip. We’ve seen the White House take very little action on limiting the scope of the American intelligence apparatus, even in the wake of high-profile leaks from Edward Snowden.

Why would it start now?

The private sector has to keep improving encryption, as customers — particularly those outside the United States — worry about surveillance. But as these companies work to keep threats out of these devices, we can be certain that our law enforcement agencies are working just as fast to break into them.

With little public scrutiny over this technical issue, politicians have little incentive to stand up for privacy. Even with high-profile remarks such as those from Johnson today, it’s likely we’ll continue to see more of the status quo.